Lucene search
+L

97 matches found

CNNVD
CNNVD
added 2024/06/11 12:0 a.m.19 views

Microsoft Azure Backlink Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. A backlink vulnerability exists in Microsoft Azure File Sync. An attacker could exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure Fi...

4.4CVSS6.7AI score0.00738EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/09 12:0 a.m.11 views

OpenCMS < 16.0 Multiples Vulnerabilities

According to its self-reported version number, the detected OpenCMS application is affected by multiple vulnerabilities : - An authenticated Cross-Site Scripting XSS vulnerability in basePath parameter - An unauthenticated Apache Solr Injection in query parameter Note that the scanner has not...

6.6AI score0.00232EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:8 a.m.36 views

BIT-GITLAB-2023-2200 Improper Encoding or Escaping of Output in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...

5.4CVSS4.6AI score0.0046EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/25 12:0 a.m.40 views

GitLab 16.0 < 16.5.8 / 16.6 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2024-0402)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to...

9.9CVSS8.6AI score0.03302EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/12/17 11:2 p.m.33 views

CVE-2023-3907

Removed by vendor...

8.8CVSS7.3AI score0.00592EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.3 views

PT-2023-26773 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.0 through 16.4.3 GitLab EE versions 16.5 through 16.5.3 GitLab EE versions 16.6 through 16.6.1 Description: A privilege escalation issue in GitLab EE allows a project Maintainer to use a Project Access Token to escalate...

8.8CVSS7.1AI score0.00592EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2023/10/03 4:54 p.m.38 views

CVE-2023-5207

A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user...

8.2CVSS6.8AI score0.01094EPSS
Exploits0References3
OSV
OSV
added 2023/09/15 12:15 a.m.4 views

CVE-2023-40957

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...

8.8CVSS6.1AI score0.01075EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2023/07/21 1:1 p.m.53 views

CVE-2023-3484

Removed by vendor...

8CVSS6.6AI score0.00582EPSS
Exploits0
NVD
NVD
added 2023/07/13 3:15 a.m.23 views

CVE-2023-2620

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...

5.5CVSS0.00549EPSS
Exploits0References2
Prion
Prion
added 2023/07/13 3:15 a.m.24 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch...

4CVSS4.3AI score0.00473EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/13 3:15 a.m.5 views

UBUNTU-CVE-2023-3362

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...

5.3CVSS6AI score0.00548EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/07/13 2:8 a.m.80 views

CVE-2023-3362

Removed by vendor...

5.3CVSS6AI score0.00548EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/07/13 2:0 a.m.15 views

CVE-2023-2190 Authorization Bypass Through User-Controlled Key in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the...

6.5CVSS6.3AI score0.00663EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/07/06 12:0 a.m.15 views

GitLab 12.8.x < 15.11.11, 16.0.x < 16.0.7, 16.1.x < 16.1.2 Path Traversal Vulnerability

GitLab is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...

8CVSS6.5AI score0.00582EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/29 12:0 a.m.27 views

GitLab 16.0 < 16.0.6 / 16.1 < 16.1.1 (CVE-2023-3362)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project w...

5.3CVSS5.7AI score0.00548EPSS
Exploits0References3
NVD
NVD
added 2023/06/07 5:15 p.m.23 views

CVE-2023-2015

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.8 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A reflected XSS was possible when creating new abuse reports which allows attackers to perform...

6.1CVSS5.1AI score0.00612EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.6 views

GitLab 资源管理错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE that stems from high resource...

7.5CVSS7.3AI score0.01243EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.12 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab CE/EE, which stems from a possible...

6.1CVSS6.4AI score0.00612EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/06/06 5:15 p.m.33 views

CVE-2023-2132

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted...

7.5CVSS6.9AI score0.01325EPSS
Exploits0References4
Rows per page
Query Builder